GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,127 advisories

Directory traversal in rollup-plugin-server High
CVE-2020-7683 was published for rollup-plugin-server (npm) Jul 29, 2020
LDAP Injection in ldapauth High
CVE-2015-7294 was published for ldapauth (npm) Aug 31, 2020
Malicious Package in jquerz Critical
GHSA-c6f3-3c98-2j2f was published for jquerz (npm) Sep 2, 2020
Malicious Package in froever Critical
GHSA-2r8f-2665-3gxq was published for froever (npm) Sep 2, 2020
Malicious Package in yeoman-genrator Critical
GHSA-fm7r-2pr7-rw2p was published for yeoman-genrator (npm) Sep 2, 2020
Malicious Package in tensorplow Critical
GHSA-m2fp-c79h-rr79 was published for tensorplow (npm) Sep 2, 2020
XSS due to lack of CSRF validation for replying/publishing Moderate
CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) Aug 26, 2020
Unauthenticated Remote Command Injection in ep_imageconvert High
CVE-2013-3364 was published for ep_imageconvert (npm) Aug 31, 2020
Command Injection in marsdb Critical
GHSA-5mrr-rgp6-x4gr was published for marsdb (npm) Sep 3, 2020
Path Traversal in swagger-injector Critical
GHSA-v4x8-gw49-7hv4 was published for swagger-injector (npm) Sep 3, 2020
Malicious Package in serializes Critical
GHSA-j899-348x-h3rq was published for serializes (npm) Sep 3, 2020
Malicious Package in evil-package Critical
GHSA-p62r-jf56-h429 was published for evil-package (npm) Sep 3, 2020
Malicious Package in sparkies Critical
GHSA-c4fm-46gm-4469 was published for sparkies (npm) Sep 3, 2020
Malicious Package in axioss Critical
GHSA-8w9j-6wg6-qv4f was published for axioss (npm) Sep 3, 2020
Cross-Site Scripting in google-closure-library Moderate
GHSA-r9q4-w3fm-wrm2 was published for google-closure-library (npm) Sep 2, 2020
Malicious Package in saync Critical
GHSA-pm9v-325f-5g74 was published for saync (npm) Sep 2, 2020
Malicious Package in font-scrubber Critical
GHSA-65j7-66p7-9xgf was published for font-scrubber (npm) Sep 2, 2020
Path Traversal in @wturyn/swagger-injector Critical
GHSA-4x7w-frcq-v4m3 was published for @wturyn/swagger-injector (npm) Sep 3, 2020
Malicious Package in bowe Critical
GHSA-xmmp-hrmx-x5g7 was published for bowe (npm) Sep 2, 2020
Malicious Package in jqeury Critical
GHSA-4964-cjrr-jg97 was published for jqeury (npm) Sep 2, 2020
Malicious Package in browserift Critical
GHSA-43vf-2x6g-p2m5 was published for browserift (npm) Sep 2, 2020
Malicious Package in erquest Critical
GHSA-4pmg-jgm5-3jg6 was published for erquest (npm) Sep 2, 2020
Malicious Package in colro-name Critical
GHSA-jp9g-5x75-ccp8 was published for colro-name (npm) Sep 2, 2020
Denial of Service in subtext High
GHSA-2mvq-xp48-4c77 was published for subtext (npm) Sep 3, 2020
Denial of Service in http-live-simulator Moderate
GHSA-xgp2-cc4r-7vf6 was published for http-live-simulator (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API